[kernel] r17191 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Mon Apr 4 01:04:41 UTC 2011
Author: dannf
Date: Mon Apr 4 01:04:35 2011
New Revision: 17191
Log:
ldm: corrupted partition table can cause kernel oops (CVE-2011-1012)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/ldm-corrupted-partition-table-can-cause-kernel-oops.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Mon Apr 4 01:03:25 2011 (r17190)
+++ dists/lenny-security/linux-2.6/debian/changelog Mon Apr 4 01:04:35 2011 (r17191)
@@ -5,6 +5,7 @@
(CVE-2011-0711)
* [s390] remove task_show_regs (CVE-2011-0710)
* fs/partitions: Validate map_count in Mac partition tables (CVE-2011-1010)
+ * ldm: corrupted partition table can cause kernel oops (CVE-2011-1012)
-- dann frazier <dannf at debian.org> Wed, 30 Mar 2011 22:46:26 -0600
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/ldm-corrupted-partition-table-can-cause-kernel-oops.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/ldm-corrupted-partition-table-can-cause-kernel-oops.patch Mon Apr 4 01:04:35 2011 (r17191)
@@ -0,0 +1,39 @@
+commit 294f6cf48666825d23c9372ef37631232746e40d
+Author: Timo Warns <Warns at pre-sense.de>
+Date: Fri Feb 25 14:44:21 2011 -0800
+
+ ldm: corrupted partition table can cause kernel oops
+
+ The kernel automatically evaluates partition tables of storage devices.
+ The code for evaluating LDM partitions (in fs/partitions/ldm.c) contains
+ a bug that causes a kernel oops on certain corrupted LDM partitions. A
+ kernel subsystem seems to crash, because, after the oops, the kernel no
+ longer recognizes newly connected storage devices.
+
+ The patch changes ldm_parse_vmdb() to Validate the value of vblk_size.
+
+ Signed-off-by: Timo Warns <warns at pre-sense.de>
+ Cc: Eugene Teo <eugeneteo at kernel.sg>
+ Acked-by: Richard Russon <ldm at flatcap.org>
+ Cc: Harvey Harrison <harvey.harrison at gmail.com>
+ Cc: <stable at kernel.org>
+ Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+ [dannf: backported to Debian's 2.6.26]
+
+diff --git a/fs/partitions/ldm.c b/fs/partitions/ldm.c
+index 0fdda2e..2ebdde7 100644
+--- a/fs/partitions/ldm.c
++++ b/fs/partitions/ldm.c
+@@ -251,6 +251,11 @@ static bool ldm_parse_vmdb (const u8 *data, struct vmdb *vm)
+ }
+
+ vm->vblk_size = BE32 (data + 0x08);
++ if (vm->vblk_size == 0) {
++ ldm_error ("Illegal VBLK size");
++ return false;
++ }
++
+ vm->vblk_offset = BE32 (data + 0x0C);
+ vm->last_vblk_seq = BE32 (data + 0x04);
+
Modified: dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/26lenny3 Mon Apr 4 01:03:25 2011 (r17190)
+++ dists/lenny-security/linux-2.6/debian/patches/series/26lenny3 Mon Apr 4 01:04:35 2011 (r17191)
@@ -3,3 +3,4 @@
+ bugfix/all/xfs-zero-proper-structure-size-for-geometry-calls.patch
+ bugfix/s390/remove-task_show_regs.patch
+ bugfix/all/fs-partitions-Validate-map_count-in-Mac-partition-tables.patch
++ bugfix/all/ldm-corrupted-partition-table-can-cause-kernel-oops.patch
More information about the Kernel-svn-changes
mailing list